Vulmon
gxlcms gxlcms qy 1.0.0713 vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-9847
In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote malicious users to execute arbitrary PHP code by placing this code into a template.
Gxlcms Gxlcms Qy 1.0.0713
7.5
CVSSv3
CVE-2018-9850
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote malicious users to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.
Gxlcms Gxlcms Qy 1.0.0713
7.5
CVSSv3
CVE-2018-9851
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote malicious users to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a "...
Gxlcms Gxlcms Qy 1.0.0713
9.8
CVSSv3
CVE-2018-9852
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote malicious users to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated by sid=user,password%20from%20mysql.user%23.
Gxlcms Gxlcms Qy 1.0.0713
9.8
CVSSv3
CVE-2018-9848
In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote malicious users to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jp...
Gxlcms Gxlcms Qy 1.0.0713
9.8
CVSSv3
CVE-2018-9247
The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote malicious users to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and ...
Gxlcms Gxlcms Qy 1.0.0713